Forum Discussion
nplfish
Sep 07, 2022, Copper Contributor
KQL queries for investigative purposes in Microsoft 365 Defender
Quite new to KQL, but I wanted to know how one could use it to enhance or help an investigation of an Alert/Incident. I know this may sound generic, but any suggestions, ideas or examples will be appreciated.
HeikeRitter
Microsoft
Hi, did you have a look at the NinjaShow? https://www.youtube.com/playlist?list=PLmAptfqzxVEXzbOYvCMjXJQuAwpqnACZ4
Even though it's in the context of Defender for Endpoint, we talk about the investigation experience and also touch on advanced hunting in this episode: https://www.youtube.com/watch?v=TUU5o2Z7oYw&list=PLmAptfqzxVEXzbOYvCMjXJQuAwpqnACZ4&index=7&t=1252s
Another excellent webinar I would recommend is this: https://www.youtube.com/watch?v=0D9TkGjeJwM&feature=youtu.be
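One concrete pattern for the kind of investigation asked about above is to pivot from an alert to its evidence, then to a time window of raw telemetry around it. The query below is an added example for this thread, not code from either poster or from Microsoft. It uses the standard Microsoft 365 Defender advanced hunting tables (AlertInfo, AlertEvidence, DeviceProcessEvents, DeviceNetworkEvents); the alert ID is a placeholder you replace with one from your own incident, and the 30-minute window is an arbitrary starting choice.

```kql
// Added example: build a process + network timeline around one alert.
// Placeholder alert ID (assumption): paste the AlertId from your incident here.
let TargetAlert = "REPLACE-WITH-ALERT-ID";
let Window = 30m;                       // assumption: look 30 min either side
// 1. When did the alert fire?
let AlertTime = toscalar(
    AlertInfo
    | where AlertId == TargetAlert
    | summarize min(Timestamp));
// 2. Which devices and file hashes were attached as evidence?
let Devices = AlertEvidence
    | where AlertId == TargetAlert and isnotempty(DeviceId)
    | distinct DeviceId;
let Hashes = AlertEvidence
    | where AlertId == TargetAlert and isnotempty(SHA256)
    | distinct SHA256;
// 3. Process creations on those devices inside the window; mark any whose
//    hash is itself alert evidence so it stands out in the timeline.
let Procs = DeviceProcessEvents
    | where DeviceId in (Devices)
    | where Timestamp between ((AlertTime - Window) .. (AlertTime + Window))
    | extend Flagged = iff(SHA256 in (Hashes), "evidence", "")
    | project Timestamp, DeviceName, Source = "Process", Flagged,
              Actor = InitiatingProcessFileName,
              Detail = strcat(FolderPath, " ", ProcessCommandLine),
              AccountName;
// 4. Network connections in the same window, same device set.
let Net = DeviceNetworkEvents
    | where DeviceId in (Devices)
    | where Timestamp between ((AlertTime - Window) .. (AlertTime + Window))
    | project Timestamp, DeviceName, Source = "Network", Flagged = "",
              Actor = InitiatingProcessFileName,
              Detail = strcat(ActionType, " ", RemoteIP, ":",
                              tostring(RemotePort), " ", RemoteUrl),
              AccountName = InitiatingProcessAccountName;
// 5. Merge into a single chronological view.
union Procs, Net
| order by Timestamp asc
```

Read the result top to bottom: the rows marked "evidence" are what the alert already knew about, and the unmarked process and network rows just before and after them are what the alert did not tell you (the parent that launched it, what it connected to, what it spawned next). To answer the scoping question (has this file run anywhere else?), keep the `Hashes` definition and replace the final `union` with `DeviceProcessEvents | where Timestamp > ago(7d) and SHA256 in (Hashes) | summarize dcount(DeviceId), min(Timestamp), max(Timestamp) by SHA256, FileName`.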